navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as locked.
angieskidney Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Member 15th Apr, 2011 22:22
Ranking: -1
Posts: 5
User Since: 4th Dec, 2010
System Score: 99%
Location: CA
I have uninstalled Adobe Flash Player as per the instructions on another thread. I thought perhaps the insecure rating on Secunia was because I had to reboot after uninstalling. So I did it again but rebooted. Then installed the latest version.

Still I get this as insecure:

C:\WINDOWS\system32\Macromed\Flash\Flash10n.ocx, version 10.2.152.32 (ActiveX)

Any advice? Or should I just ignore this? After all I did everything as described in other threads I have found as I did a search before creating my own thread.

--
I had an account on here but when I upgraded to Windows 7 (redid my computer and OS) I could not recover my account.

OS: Windows 7 64 bit
CPU: AMD Phenom X3 8650 Triple-Core Processor
Mobo: ASUSTeK Computer INC. M3A78 PRO
RAM: 4.0GB Dual-Channel DDR2
Vid: ATI Radeon HD 4850

My Netbook is Windows XP 32 bit SP 3

http://kidneykorner.com

ddmarshall RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Dedicated Contributor 16th Apr, 2011 00:17
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I'm not a 64bit user but I don't think that that's the normal location for Flash Player on a 64bit system. As Flash Player is a 32bit application, I'd expect it to be in SysWoW64.
Did you install the 64bit Flash Player Square Beta? The last update for that was in November 2010. Either the vulnerabilities since then do not affect it or Adobe have lost interest in it. You need to run the special uninstallers linked to from this page:
http://labs.adobe.com/downloads/flashplayer10_squa...

If you do uninstall it, you won't have Flash on 64bit Internet Explorer. But, in any case, it's best to run the 32bit Internet Explorer 9 even on 64bit systems.
http://blogs.msdn.com/b/ieinternals/archive/2009/0...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0
angieskidney RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Member 16th Apr, 2011 03:58
Score: -1
Posts: 5
User Since: 4th Dec 2010
System Score: 99%
Location: CA
Ah that answers for my current computer! Sorry I didn't specify, this was regarding my other computer that has XP on it.

Turns out that I had only gotten the NPAPI (the ActiveX one was the one that I had trouble with) one from http://www.adobe.com/products/flashplayer/

I don't know why the ActiveX one didn't work. When I tried again and actually looked at the file version I had it was an older version. So I deleted that and downloaded again and it is fine now.

But the link you gave brings a new question for me. On my main computer with the 64 bit should I use your link instead of the same one I used for XP?

--
I had an account on here but when I upgraded to Windows 7 (redid my computer and OS) I could not recover my account.

OS: Windows 7 64 bit
CPU: AMD Phenom X3 8650 Triple-Core Processor
Mobo: ASUSTeK Computer INC. M3A78 PRO
RAM: 4.0GB Dual-Channel DDR2
Vid: ATI Radeon HD 4850

My Netbook is Windows XP 32 bit SP 3

http://kidneykorner.com
Was this reply relevant?
+0
-0
ddmarshall RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Dedicated Contributor 16th Apr, 2011 12:16
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
If you are using the default Internet Explorer and Flash (not the Beta) continue using the normal uninstaller from http://kb2.adobe.com/cps/141/tn_14157.html if you need it.

I tried yesterday to download the update to 10.2.159.1 from Adobe just after it was released but got 10.2.153.1 instead. Sometimes it looks like Adobe have a delay getting all their update servers to the new version.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0
Anthony Wells RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Expert Contributor 16th Apr, 2011 12:46
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

I can add that I received a Software Inspector email reminder for the latest Flash update 10.2.159.1 this am (around 10.30 CET) and (after a manual scan) the PSI auto-update worked fine (if rather slowly) for both the ActiveX and NPAPI Flash plug-ins and for AIR .

Google Chrome browser updated it's Stable and Beta versions for the Flash insecurity on Thursday the 14th and the Dev Chanel and Canary versions use the latest Beta 2 version .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
jhvance1 RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Member 16th Apr, 2011 16:05
Score: 1
Posts: 4
User Since: 28th Jan 2009
System Score: N/A
Location: N/A
Are you running PSI? If so, it seems that it grabs hold of the existing (insecure) ActiveX control file and prevents it from being deleted in whatever uninstall process Adobe builds into their updaters (manual or download manager version), unless you uninstall the entire Flash setup from Add/Remove Programs (or Programs and Features, depending on your flavor of Windows OS). I discovered this yesterday when patching with the latest Flash update and Unlocker (a nifty freeware program you can download from CNET or other comparable websites) reported it was PSI that prevented manual deletion of the file -- previously I'd always rebooted into Safe Mode to perform that task from within Windows Explorer after PSI had continued to report the insecure older OCX version had remained, and had always blamed Adobe for the failure.

So, kill PSI (right-click on the system tray icon and then choose "exit") before you install the new Flash update and reboot, then see if PSI identifies that same insecure Flash version. My routine is slightly different -- install the updated version, then use Windows Explorer to check whether the old Flash OCX version still resides in \Windows\system32\Macromed\Flash subdirectory. If it is (and it usually is), then kill PSI and manually delete the old OCX file before restarting PSI or rebooting.

I'm still running PSI v1.5.0.2, but clearly this continues in v2+ -- it would REALLY be nice for Secunia to have new versions of PSI recognize that a newer (more secure) version of Flash was being installed and release the handle(s) on the insecure OCX file to allow its deletion during that update, but now that I know why that file remains behind I'll stop criticizing Adobe for the failure.
Was this reply relevant?
+0
-0
ddmarshall RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Dedicated Contributor 16th Apr, 2011 17:26
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
PSI 2.0 no longer uses Flash. Using the PSI 2.0 Automatic Installer there's no trouble deleting the old Flash .ocx file.

For some time Adobe have recommended using their uninstaller from http://kb2.adobe.com/cps/141/tn_14157.html rather than Control Panel to uninstall Flash Player.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
jhvance1 RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Member 16th Apr, 2011 18:49
Score: 1
Posts: 4
User Since: 28th Jan 2009
System Score: N/A
Location: N/A
Last edited on 16th Apr, 2011 18:52
...and the reason I haven't upgraded to PSI v2.0 is that I prefer to be notified when updates are available, and to be in control of when (and which of) those updates are downloaded and installed rather than having PSI do so automatically ASAP at times which may be really inconvenient for me (the ONLY user). I'm quite happy with v1.5.0.2 for that notification feature, and supplement its perhaps lesser scanning capabilities (vs PSI v2.0) with FileHippo.

I am glad to know that v2.0 has gotten away from using Flash, which is why the earlier version I still use precludes deletion of the older OCX file. I'm sure that Secunia will eventually drop support entirely for v1.5.0.2, and when that happens I'll re-evaluate whether I want the then-current release on any of my computers.
Was this reply relevant?
+0
-0
Anthony Wells RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Expert Contributor 16th Apr, 2011 19:33
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@jhyance ,

If it helps , reread my post and you will see that the Secunia Software Inspector Reminder (by email) will keep you advised automatically of major programme update availability and is very much equal to FileHippo in timing , without the need to run a scan . You can select it in your "My Profile" link in the lhs column on this page ; it only covers major programmes .

The PSI 2.0.x will never "auto-update" or download anything to your system unless you have selected it so to do ; you can control "auto-updates" with a "prompt" requirement if you prefer or simply do not enable it . It's that simple and for the average user a major help .

Take care

anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
jhvance1 RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Member 17th Apr, 2011 01:39
Score: 1
Posts: 4
User Since: 28th Jan 2009
System Score: N/A
Location: N/A
@Anthony Wells

Thanks for the clarification about the PSI 2.0 user setting capabilities -- that is different than the understanding I had when reading through the release notes right after it was first issued in final form, so I'll re-review and reconsider the upgrade.

Since your tag is an "expert contributor", I'll ask a question on a different issue which may or may not become moot if I do go through the upgrade process -- on one (of five) machines in my office and the only one running Vista (Ultimate), the opening splash screen remains displayed on the screen after initializing while the other four machines (3 XP Pro SP3 and 1 Win7 Ultimate) all disappear. The PSI icon remains displayed in the system tray for all machines after loading, but I thought normal behavior for that opening screen was to go away after the initialization process was completed. For the one maverick, it stays regardless of whether the opening scan shows 100% secure or not.

Can't find anything in the user settings about that aspect, so I'm wondering if it's a Vista quirk or an indicator of something else that's wonky about that machine -- any insights you can share?
Was this reply relevant?
+1
-0
Anthony Wells RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Expert Contributor 17th Apr, 2011 12:14
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@jhvance ,

Wow , that's some hijack jump even by my standards and "asking" without seeking consent from the OP , well ....!! So despite your "flattery" , i would suggest you create your own thread around running the PSI version 1.5.0.2 on Vista Ultimate (? bit) and let the full weight of the Community Forum's "experts" help with your problem .

A more detailed explanation of your problem with a screencap would be useful .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
jhvance1 RE: Flash10n.ocx, version 10.2.152.32 (ActiveX) insecure still
Member 17th Apr, 2011 22:29
Score: 1
Posts: 4
User Since: 28th Jan 2009
System Score: N/A
Location: N/A
Sorry -- will start a new thread.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+